Access to a database is managed by authority that is defined in, for example, relationship between a subject and an object. The subject is a user authenticated by a system that manages access. For such user authentication, various manners of authentication, such as matching decision between, for example, a user identification string and a password string, are used. The object is a database entity subject to access. The object is structured by, for example, columns making up a table and is sometimes abstracted by an operation command to a database management system that is not intended for a specific object.
Access authority management is system operation carried out in many systems, and there is a case that only the user identification string and the password string in the past are insufficient. For example, there is a case of carrying out operation, such as server stop at night, to completely inhibit access to a database at night, so that an idea of available time (clock time) for access authority is sometimes introduced.
In order to introduce the concept of available time for authority into access authority management, current clock time is obtained every time when accessing a table for determination, for example. In addition, when working with a database, a query to direct joining to a plurality of tables and the like are sometimes specified, so that access authority check including clock time confirmation per table subject to access turns out to be carried out.
As a related technique in the past, there is a technique, for example, to determine availability of reference to a database based on a user name set in a process that issues a query, a database name, a file name, and an item name specified by the query, and clock time when the query is issued. In addition, there is a technique in which access attributes including time information are set in an access attribute file and then the access attribute file is referred by a file access function that is activated every time accessing a file subject to access to carry out decision of access permission including time information. There is also a technique in which, when there is a demand for access to a file, access availability is decided based on information included in the access demand, and a user ID, a password, a permission time period, and a terminal ID that are registered in an access management table. Still in addition, there is a technique in which, after releasing a page frame that is not accessed by the processor since the last scan, pageout daemon process to be in a sleep state is dispatched at predetermined intervals.
Japanese Laid-open Patent Publication Nos. 10-289134, 8-314786, 2000-259567, and 9-269902 are examples of related art.